Security Advisory: NSSM 2.24 Privilege Escalation
Software: Non-Sucking Service Manager (NSSM)
Affected Versions: NSSM 2.24 (and likely prior versions)
Severity: High
Vector: Local
Impact: Privilege Escalation (Local System)
TL;DR
A dangerous weakness exists in NSSM (Non-Sucking Service Manager) versions 2.24 and below. If an attacker has medium integrity (standard user) access to a system where an NSSM service runs as SYSTEM, they can trivially escalate to NT AUTHORITY\SYSTEM by abusing the service’s binary path.
The Vulnerability: Arbitrary Command Execution as SYSTEM
Real-World Impact
- Shared development machines (e.g., Jenkins agents, build servers).
- Privilege escalation from a low-privilege user to domain admin on a misconfigured box.
- Persistence: An attacker could modify the binary path to their backdoor.
Nssm-2.24 Privilege Escalation: Updated
Security Advisory: NSSM 2.24 Privilege Escalation
Software: Non-Sucking Service Manager (NSSM)
Affected Versions: NSSM 2.24 (and likely prior versions)
Severity: High
Vector: Local
Impact: Privilege Escalation (Local System)
TL;DR
A dangerous weakness exists in NSSM (Non-Sucking Service Manager) versions 2.24 and below. If an attacker has medium integrity (standard user) access to a system where an NSSM service runs as SYSTEM, they can trivially escalate to NT AUTHORITY\SYSTEM by abusing the service’s binary path. nssm-2.24 privilege escalation
The Vulnerability: Arbitrary Command Execution as SYSTEM
Real-World Impact
- Shared development machines (e.g., Jenkins agents, build servers).
- Privilege escalation from a low-privilege user to domain admin on a misconfigured box.
- Persistence: An attacker could modify the binary path to their backdoor.